
Warning: time to stop using PGP and new NAI products


Author
Aug 9, 2001, 2:41:50 AM
Just in case anybody still upgrades their PGP since Phill left, it's worth
noting that I discovered a buffer overflow problem, and sent an email
to several NAI contact addresses, and filled in the feedback form on
their web site inviting them to ask me for details of how to reproduce
the problem.

Oh yes - this was a month ago.

No word from them since...


Disa...@saiknes.lv.no.spam.net
Aug 9, 2001, 3:10:17 AM
Author wrote:
> Just in case anybody still upgrades their PGP since Phill left, it's worth
> noting that I discovered a buffer overflow problem, and sent an email
> to several NAI contact addresses, and filled in the feedback form on
> their web site inviting them to ask me for details of how to reproduce
> the problem.

which version(s) is affected ?
can you describe problem ?

== <EOF> ==
Disastry http://i.am/disastry/
http://disastry.dhs.org/pgp <----PGP plugins for Netscape and MDaemon
^--GPG for Win32 (supports loadable modules and IDEA)
^---PGP 2.6.3ia-multi04 (supports IDEA, CAST5, BLOWFISH, TWOFISH,
AES, 3DES ciphers and MD5, SHA1, RIPEMD160 hashes)

Author
Aug 9, 2001, 3:49:47 AM
> which version(s) is affected ?
> can you describe problem ?

7.0.3

malformed signature core-dumps* the system-tray tool (probably other things
too - only tested the system-tray tool tho...)

The instruction at "0029cfd4" referenced memory location "0x0000000c". The
memory could not be "read".

The stack overflow problem is not my point. My point is the inaction of
NAI. So, what if they fix this? How many other unreported problems are
they ignoring? And now, particularly, the idea of a PGP problem being in
existence means it may well be only a matter of time before the wrong person
looks at this post, goes "hmmm", and produces an exploit...

Heck - can't be that hard to figure out - the source code's even supposed to
be available someplace.

Imad R. Faiad
Aug 9, 2001, 6:43:48 AM
-----BEGIN PGP SIGNED MESSAGE-----

Hello,

Could you post examples of the malformed signature
which cause PGP to crash?

TIA

Best Regards

Imad R. Faiad

-----BEGIN PGP SIGNATURE-----
Version: 6.5.8ckt http://www.ipgpp.com/

-----END PGP SIGNATURE-----

Author
Aug 9, 2001, 7:14:42 AM
Sent. I hope that was your real email address. Please don't distribute or
publish. I don't want an exploit to be produced from it.


Julian Y. Koh
Aug 9, 2001, 11:43:57 AM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article <3b724092$0$20902$7f31...@news01.syd.optusnet.com.au>, "Author"
<c...@cotse.com> wrote:

>> which version(s) is affected ?
>> can you describe problem ?
>
>7.0.3
>
>malformed signature core-dumps* the system-tray tool (probably other things
>too - only tested the system-tray tool tho...)

Have you tried this on the Mac version?


-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.3
Comment: <http://charlotte.at.northwestern.edu/julian/pgppubkey.html>

-----END PGP SIGNATURE-----

--
Julian Y. Koh <mailto:koh...@northwestern.edu>
Network Engineer <phone:847-467-5780>
Telecommunications and Network Services Northwestern University
PGP Public Key:<http://charlotte.at.northwestern.edu/julian/pgppubkey.html>

skeptic
Aug 9, 2001, 7:44:45 PM
-----BEGIN PGP SIGNED MESSAGE-----

9 Aug 2001 in <3b7230a4$0$20906$7f31...@news01.syd.optusnet.com.au>

c...@cotse.com wrote:
> Just in case anybody still upgrades their PGP since Phill left, it's worth
> noting that I discovered a buffer overflow problem, and sent an email
> to several NAI contact addresses, and filled in the feedback form on
> their web site inviting them to ask me for details of how to reproduce
> the problem.

Describe the problem, and state which versions are affected.
There is no need to ask people to stop using PGP, even if you found a problem.
PGP is fine.

Prove your point & help us, or stop this FUD.
=================================================

~~~
This PGP signature only certifies the sender and date of the message.
It implies no approval from the administrators of nym.alias.net.
Date: Thu Aug 9 23:44:39 2001 GMT
From: ske...@nym.alias.net

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----

Steve K
Aug 10, 2001, 11:48:19 AM
skeptic <Use-Author-Supplied-Address-Header@[127.1]> wrote in message news:<2001080923444...@nym.alias.net>...

> -----BEGIN PGP SIGNED MESSAGE-----
>
> 9 Aug 2001 in <3b7230a4$0$20906$7f31...@news01.syd.optusnet.com.au>
> c...@cotse.com wrote:
> > Just in case anybody still upgrades their PGP since Phill left, it's worth
> > noting that I discovered a buffer overflow problem, and sent an email
> > to several NAI contact addresses, and filled in the feedback form on
> > their web site inviting them to ask me for details of how to reproduce
> > the problem.
>
> Describe the problem, and state which versions are affected.
> There is no need to ask people to stop using PGP, even if you found a problem.
> PGP is fine.
>
> Prove your point & help us, or stop this FUD.
> =================================================

So far he has said that version 7.0.3 is affected, and that he has sent
an example to Imad for examination. That does not sound like FUD to me.

There is no need to ask people to tolerate closed source 7.x.x PGP,
and this buffer overflow problem, if real, contributes to the many
good reasons /not/ to tolerate closed source crypto, no matter what
the brand name.

Steve K

Thomas J. Boschloo
Aug 10, 2001, 1:51:10 PM

I think you acted responsibly. The next step would probably be to
publish the results, or I guess nothing would just happen. A lot of
folks (like <www.guninski.com>) don't wait a whole month to give the
maintainers of the source the time to fix things. You should remember
that people at e.g. the NSA and maybe even criminals have already found
this exploit and this means that right now people could have been
exposed to such an exploit! (window of vulnerability).

Thanks for finding this very dangerous bug! It has the potential to be
worse than the ASCII-Armor bug discovered by <www.atstake.com>.

Good luck to you,
Thomas
--
Android 18 - "You should listen to your friends Vegeta. After all it is
they who will have to scrape you from the ground after I have defeated
you".


Sam Simpson
Aug 10, 2001, 2:26:06 PM
In article <MPG.15ddbe0a2...@news.coastaccess.com>, "Melissa"
<willkayakforfood@remove_thishushmail.com> wrote:

> In article <b187ddf3.01081...@posting.google.com>,
> pilob...@yahoo.com wrote...
>
>> There is no need to ask people to tolerate closed source 7.x.x PGP,...
>
>
> Hello Steve K,
>
> I know very well your position on source code,

I'd like to add it's not "Steve's view", but most cryptographers' view,
including Schneier, Wagner et al.

> and even though I'm
> currently using "closed source snake oil 7.x.x",

Nice to see you know the full name for the product ;)))

> I agree that the source
> needs to be released for peer review. However... generalized
> statements like the one above really do very little for those of us who
> "upgraded" because of apparent need.


No such thing.

> I was perfectly happy with my open source v6.5.8, until I went to using
> Windows ME. Instantly, v6.5.8 and its PGPnet hosed my new OS. I had
> to remove PGP then re-install my OS.

So you knew ME + PGP w/ IPSec were incompatible, but still installed ME?

I think this is called shooting yourself in the foot ;)

> I want PGPnet, as I want to use
> its VPN component. Since I didn't know much about GnuPG at the time
> (and even now, when I have GnuPG installed, I still have questions as to
> its *readiness* for use with Windows - along with some other
> questions), so on the advice of PRZ, I waited for v7.0.x to be released,
> as it was supposed to support Windows ME. When it came out, I installed
> it, and everything worked again.

Of course, we should say apparently worked again. Security isn't
evidenced by "correctness" in a black box sense.

> Don't even think about telling me how I should "upgrade" back to Windows
> 98 SE, as that was a disaster on my machine (even though it was the
> factory installed OS). Windows ME is the best thing that has happened
> to this particular machine, so I'm not looking back.
>
> Until and unless I become a Linux geek, I'll stick with Windows ME - and
> my PGP v7.0.3.

Fair enough. As the saying goes, it's up to you to decide what level of
security you deserve.

> If there really is a newly discovered vulnerability in v7.0.3, I'll be
> very happy to have it fixed. I know that this alleged problem is being
> discussed with regards to v7.0.3, but is it also being tested on
> pre-7.0.3 PGP? Even on your beloved open source versions?

We could look at the source and detect in a matter of seconds in the open
source version.

Being flippant about this matter is of course an easy option for people
that don't rely upon security.


--
Regards,

Sam Simpson
http://www.scramdisk.clara.net/
http://www.samsimpson.com/

allie°M
Aug 10, 2001, 4:49:37 PM
Melissa <willkayakforfood@REMOVE_THIShushmail.com> posted:

....


> Don't even think about telling me how I should "upgrade" back to
> Windows 98 SE, as that was a disaster on my machine (even though
> it was the factory installed OS). Windows ME is the best thing
> that has happened to this particular machine, so I'm not looking
> back.

Even better. You could install Win2k and your machine would be
experiencing even better. A more secure, stable, reliable OS which
can run open source versions of PGP as well as GnuPG. <g>

-= allie°M =-

Kin
Aug 10, 2001, 5:25:29 PM
allie°M <all...@gmx.net> wrote in news:n2i8nt4f79eqjo037jc5nlg1822nopp9cu@4ax.com:

Yes, but it's pretty expensive.

--
Kin

Remove NO_SPAM for personal replies
Key ID: 0x47873293

skeptic
Aug 10, 2001, 6:44:09 PM
-----BEGIN PGP SIGNED MESSAGE-----

10 Aug 2001 in <b187ddf3.01081...@posting.google.com>

Steve K pilob...@yahoo.com wrote:
> skeptic <Use-Author-Supplied-Address-Header@[127.1]> wrote in message
> news:<2001080923444...@nym.alias.net>...
> > -----BEGIN PGP SIGNED MESSAGE-----
> >
> > 9 Aug 2001 in <3b7230a4$0$20906$7f31...@news01.syd.optusnet.com.au>
> > c...@cotse.com wrote:
> > > Just in case anybody still upgrades their PGP since Phill left, it's worth
> > > noting that I discovered a buffer overflow problem, and sent an email
> > > to several NAI contact addresses, and filled in the feedback form on
> > > their web site inviting them to ask me for details of how to reproduce
> > > the problem.
> >
> > Describe the problem, and state which versions are affected.
> > There is no need to ask people to stop using PGP, even if you found a problem.
> > PGP is fine.
> >
> > Prove your point & help us, or stop this FUD.
> > =================================================
>
> So far he has said that version 7.0.3 is affected,

Yes, you are right. I'm sorry I didn't read the other post.
PGP v703 is dead PGP.
oooooooooooooooooooooo

> and that he has sent
> an example to Imad for examination. That does not sound like FUD to me.

It may not sound like FUD to me either.

> There is no need to ask people to tolerate closed source 7.x.x PGP,
> and this buffer overflow problem, if real, contributes to the many
> good reasons /not/ to tolerate closed source crypto, no matter what
> the brand name.

Sure.

I will NEVER use closed source encryption software.
oooooooooooooooooooooooooooooooooooooooooooooooooooooo

I'm using the best PGP version, the classic PGP.

~~~
This PGP signature only certifies the sender and date of the message.
It implies no approval from the administrators of nym.alias.net.

Date: Fri Aug 10 22:44:05 2001 GMT
From: ske...@nym.alias.net

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----

skeptic
Aug 11, 2001, 5:06:08 AM
-----BEGIN PGP SIGNED MESSAGE-----

Fri, 10 Aug 2001 in <MPG.15ddbe0a2...@news.coastaccess.com>
Melissa willkayakforfood@REMOVE_THIShushmail.com wrote:

How would you fare?

> > There is no need to ask people to tolerate closed source 7.x.x

> > PGP,...
>
> Hello Steve K,

I'm not Steve, but I will comment on your position.

> I know very well your position on source code,

It is my position too, and that of thousands of other people, at least.

> and even though I'm
> currently using "closed source snake oil 7.x.x",

How did you find out that it's snake oil?
You know it, and you are using it, and you are posting here.

> I agree that the
> source needs to be released for peer review.

You agree with that, but only agree?
I'm demanding that the source code be made available, or I will not touch it.

You are sounding like an NAI top manager who makes decisions and is telling his workers:
"I agree to release the source code" [ because people don't buy & use new versions ].

> However... generalized
> statements like the one above really do very little for those of us who
> "upgraded" because of apparent need.

When your need to upgrade is higher than your need for security,
then you have set up your priorities wrongly. You have the freedom to be different.

[...]

> so on the advice of PRZ, I waited for v7.0.x to be
> released, as it was supposed to support Windows ME. When it came out,
> I installed it, and everything worked again.

Except security and encryption, perhaps.

> Don't even think about telling me how I should "upgrade" back to
> Windows 98 SE, as that was a disaster on my machine (even though it was
> the factory installed OS).

Your explanation is too over-hyped.
Every O/S has some minimum hardware requirements, but not to that level of difficulty.
Did you import your hardware from some unknown place, inside some unknown country?
And that is the reason that it isn't compatible with the MS operating system?

> Windows ME is the best thing that has
> happened to this particular machine,

???
Your explanation is too over-hyped.

> so I'm not looking back.

Very good. At least you are sure of your decision.

> Until and unless I become a Linux geek,

LINUX users are not geeks, just Linux users. Different interests, different priorities.
It is very unlikely for you to be a Linux user. For example, I designed computer programs in
the past, but I will never become a COBOL programmer.

I see, you are on a ship that is on the ocean, and you are rolling from one
side to another as waves are rolling your ship.

You have a stability problem ... on your ship.

> I'll stick with Windows ME -
> and my PGP v7.0.3.
>

> If there really is a newly discovered vulnerability in v7.0.3, I'll be
> very happy to have it fixed.

No one who understands at least some facts about security and encryption is
using this shit. It will be "shit" as long as the FULL source code is not available.

> I know that this alleged problem is being
> discussed with regards to v7.0.3, but is it also being tested on
> pre-7.0.3 PGP? Even on your beloved open source versions?

I don't know about Steve, but my "beloved" PGP is classic PGP. Classic PGP earned its
highest level of acceptance because the source code has been present for almost 10 years, and
classic PGP is a representative example of the KISS principle.

KISS, keep it simple, stupid.
oooooooooooooooooooooooooooooo

I will not call the latest source code, for PGP v658, an example of the KISS
principle. That source code is 30 MB in size. This is an unimaginable quantity.

30 MB for the code of application that needs to encrypt and decrypt data ???
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

I'm running IDEA encryption program that is small enough to fit within single
512-byte sector. It's 0.5 kB = 0.0005 MB in size.


NAI has serious problems with the KISS rule.
We should expect that the source code for the new v7x will be substantially larger than
the source code for v6x.

~~~
This PGP signature only certifies the sender and date of the message.
It implies no approval from the administrators of nym.alias.net.

Date: Sat Aug 11 09:06:06 2001 GMT
From: ske...@nym.alias.net

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----

Steve K
Aug 11, 2001, 10:24:09 AM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>In article <b187ddf3.01081...@posting.google.com>,
>pilob...@yahoo.com wrote...
>
>> There is no need to ask people to tolerate closed source 7.x.x
>> PGP,...
>
>Hello Steve K,
>
>I know very well your position on source code, and even though I'm
>currently using "closed source snake oil 7.x.x", I agree that the
>source needs to be released for peer review. However... generalized
>statements like the one above really do very little for those of us who
>"upgraded" because of apparent need.

Since you are fairly new to all this PGP stuff, allow me to
provide a brief history lesson.

PGP was designed with human rights workers and political
activists in mind. Phil Zimmermann was persecuted and nearly
prosecuted, because he designed PGP to be strong enough to
resist the cracking efforts of governments and major
corporations. This is the background, and the baseline, of
PGP. Anything that does not meet this standard, yet is
advertised as PGP, is utterly bogus.

The Win32 versions of PGP are loaded with serious bugs. These
bugs would be unknown today, except for peer review of PGP source
code. The ascii armor parsing bug, for instance, allows an
attacker to use a specially formatted .asc packet-- a key,
encrypted file, or detached signature-- to plant any software
they want, anywhere on the user's computer. In other words,
there is, by accident or design, a real and useable back door in
every "official" build of NAI PGP for Win32, up to but not
including closed source 7.x.

There is no reason to believe that closed source PGP 7.x is any
less buggy than earlier releases. By all accounts, version 7 is
a major overhaul, with a new RNG and many other changes in the
core crypto components. The ascii armor parsing bug has been
fixed in version 7, because an independent reviewer found it and
reported it to the public. How many new bugs exist in version 7?
They will never be found by peer review of source code, but have
already been found, and turned into exploits, by the well funded
intel services of a few dozen countries. How many lives are you
willing to bet, over the next few years, on the proposition that
PGP 7.x has no remote access vulnerabilities? The answer to this
should be reflected in which version(s) of PGP you use and promote.

Open source is no guarantee of perfection, or even of security.
But closed source hides fatal flaws, and takes away any kind of
a "fighting chance" against well funded adversaries.

Back to where we started: PGP was originally designed with
human rights workers and political activists in mind. At least
some of them use PGP and trust it in dangerous situations. Not
all of them are informed enough to use PGP 2.6.3 from a DOS boot
floppy, when security really matters. Many will assume that
whatever the latest version is, will be the most secure version
to use. Bad Things will eventually happen. I am talking about
idealistic (some would say heroic) human beings raped, tortured,
and dumped in shallow graves.

PGP is not a toy. And NAI PGP 7.x is not PGP. As long as there
is a 1/10 of 1% chance that my saying so in public might save
one life, I will keep saying it. If you don't like it, killfile
me, I could not possibly care less.

:o)

Steve K


-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8ckt06 http://www.ipgpp.com/

-----END PGP SIGNATURE-----

skeptic
Aug 11, 2001, 2:37:06 PM
-----BEGIN PGP SIGNED MESSAGE-----

Subject: Re: Warning: time to stop using PGP and new NAI products
Newsgroups: alt.security.pgp
Date: Thu, 09 Aug 2001 12:43:48 +0200
From: Imad R. Faiad <ma...@cyberia.net.lb>


*** PGP Signature Status: bad
*** Signer: Imad R. Faiad <ma...@cyberia.net.lb>
*** Signed: 01/08/09 4:43:46 AM
*** Verified: 01/08/11 10:37:33 AM
*** BEGIN PGP VERIFIED MESSAGE ***

Hello,

Could you post examples of the malformed signature
which cause PGP to crash?

..

~~~
This PGP signature only certifies the sender and date of the message.
It implies no approval from the administrators of nym.alias.net.

Date: Sat Aug 11 18:37:04 2001 GMT
From: ske...@nym.alias.net

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----

Robert J. Hansen
Aug 12, 2001, 4:16:41 PM
> Sam is a recent Linux convert who enjoys implying that users of PGP
> v7.x and Windows don't "deserve" good security because we use v7.x

In Sam's defense, I don't think he's a recent Linux convert. Nor have his
messages appeared to me to suggest that Win32 users don't deserve good
security.

Everyone deserves good security.

It's just that people who use Windows will not get good security, due to
the inherent insecurity of the Win32 codebase--and, where PGP is concerned,
the continuing unavailability of source code.

Nobody *deserves* to be raped over a cheese grater, privacywise. However,
using Windows makes it dramatically easier to have just that done to you.
I wish it wasn't so, and I think most of the reasonable, mature people on
the list will share in those wishes--but unfortunately, wishes are not
enough to effect a change in reality.

> Just out of curiosity - did you pore over the entire code for
> 6.5.8ckt 06 (including the GUI code - because as Sam often points

To the best of my knowledge, no one person has ever claimed to have audited
the entire PGP codebase for any version past 6.0. If anyone were to claim
they'd done a top to bottom audit, by themselves, I would not be inclined
to believe them. The codebase is simply too large for any one person to
keep it all in his/her head.

This is, tangentially, why opening the source is so important. A great
many people will each audit a manageable chunk of the code. If they find
any potentially-exploitable situations, they will share their results with
each other and, in time, vulnerabilities are exposed and bugs worked out.
Opening up the source code is not a cure; it is a treatment. Source
availability and modifiability does not guarantee a program that operates
securely; it merely guarantees that the users can slowly refine the program
to the Promised Land.

> Most users of PGP will not have the knowledge, experience, and/or
> time to pore over the code of each version we use - or even to
> accurately judge what others might say about it. This means that
> most of us must, at the end of the day, "trust" someone - be it PRZ,
> Imad, PGP development team, Werner and his GnuPG crew, or the
> countless "peers" most of us don't know - who are, perhaps each with
> their own personal agendas - poring over the code as we sit and
> hope they are.

You are absolutely correct in this.

> code and roll our own. Those of us who are taking some steps, even
> though we're not following your preferred protocol, are still making

In a Victor Milan novel I read about ten years ago (_The Cybernetic
Samurai_, if I recall), one of the main protagonists asked another
protagonist whether or not she could trust him.

"You have to figure that one out on your own," he replied, "and don't ever
trust /anybody/ who tells you `yes'."

That is, without any doubt, the best and most succinct answer I can give to
the trust issue. The question isn't whether or not skeptic, Sam, Imad,
myself, or anyone else knows the One True Way. I have my own opinions, of
course--and I certainly think they're the correct ones--but it does not
matter what skeptic, Sam, Imad, or anyone else believes.

It matters what *you* believe.

If you've studied the issue, made an effort to become informed, and have
made a decision based on what you've learned, then--unless your reasoning
is completely and totally specious--the majority of intelligent crypto
weenies will give a polite nod and leave you alone.

The people who won't leave you alone, and attempt to browbeat you into
blindly accepting their beliefs, are not worth your time.

To hell with them.

> its greater possibilities of security. I own Mandrake 8.0, and may
> someday soon install it - at least as a dual boot along with my
> Windows, so that I can learn more about it.

If you need help with it, there are a great number of people in the
newsgroup who would likely be willing to help out.


--
=====
Robert J. Hansen <rjha...@inav.net>
PGP Fingerprint: 23C8 C3D1 BBE7 C72D D17D D008 980E 18A7 82C2 392B
=====

Tom St Denis
Aug 12, 2001, 4:26:32 PM
Robert J. Hansen wrote:
>>Sam is a recent Linux convert who enjoys implying that users of PGP
>>v7.x and Windows don't "deserve" good security because we use v7.x
>>
>
> In Sam's defense, I don't think he's a recent Linux convert. Nor have his
> messages appeared to me to suggest that Win32 users don't deserve good
> security.
>
> Everyone deserves good security.
>
> It's just that people who use Windows will not get good security, due to
> the inherent insecurity of the Win32 codebase--and, where PGP is concerned,
> the continuing unavailability of source code.

Are you talking about the Win32 port of PGP or windows in general?

Geez I would love to see you access my disks over the net please :-).

Windows is not as bad as most make it out to be. You just have to
disable all Microsoft based software. I use Tiny [from RitLabs] to host
my web site. I use Mozilla to view the web/usenet. I use Winamp not
WM7, I use LCC-Win32 not MS VC. I do however use the Win32 OS... [duh!].

Basically the only good thing to ever come from Microsoft [other than a
few neat games] is a nice easy to use OS. It is leap years ahead of
Linux as it stands [but that's always changing].

Tom

Dave Howe
Aug 12, 2001, 5:16:30 PM
In our last episode (<alt.security.pgp>[Sun, 12 Aug 2001 20:16:41
GMT]), Robert J. Hansen <rjha...@inav.net> said :

>In a Victor Milan novel I read about ten years ago (_The Cybernetic
>Samurai_, if I recall), one of the main protagonists asked another
>protagonist whether or not she could trust him.
>"You have to figure that one out on your own," he replied, "and don't ever
>trust /anybody/ who tells you `yes'."
The web of trust works in the Real world too - I can tell you who *I*
trust, and you can then decide if your knowledge of me is good enough
you can inherit trust from me :)
well, not literally me - you don't know me from adam. but in generic
terms :)

--== DaveHowe ( is at) Bigfoot dot com ==--

allie°M
Aug 12, 2001, 5:38:21 PM
>Robert J. Hansen <rjha...@inav.net> posted:

> It's just that people who use Windows will not get good security, due
> to the inherent insecurity of the Win32 codebase--and, where PGP is
> concerned, the continuing unavailability of source code.

Good security against what? What is good security? I always thought that
was a moving target and that good security in one situation may be
totally ineffective in another situation. A Windows user, concerned
about security, and knowledgeable in the ways of securing his system, as
well as knowledgeable in secure behaviour and practices can make a
Windows system secure enough for most Windows users out there.


-= allie°M =-

Sam Simpson
Aug 12, 2001, 6:32:26 PM
Hi Robert,

"Robert J. Hansen" <rjha...@inav.net> wrote in message
news:JuBd7.5015$ZM2.4...@newsread2.prod.itd.earthlink.net...


> > Sam is a recent Linux convert who enjoys implying that users of PGP
> > v7.x and Windows don't "deserve" good security because we use v7.x
>
> In Sam's defense, I don't think he's a recent Linux convert.

To be fair, I am.

> Nor have his
> messages appeared to me to suggest that Win32 users don't deserve good
> security.
>
> Everyone deserves good security.

This is where I slightly disagree. There is no such thing as "deserving
security", but rather my view is that "everyone gets precisely the level of
security they secure for themselves". Running closed source security apps
on a closed source platform is simply poor security practise, thus I really
lack sympathy when security breaks down and users get bitten.

<SNIP>


--
Sam Simpson
http://www.scramdisk.clara.net/

Topaz_Crow
Aug 12, 2001, 6:54:31 PM

I'd have to disagree with your 'leap years ahead' statement. As for
easy goes it all depends on what you are used to. I grew up with
the command line and I've used linux for so long, exclusively, that I
find it much easier to use than Windows.

Especially when it comes to security.

I'm not saying that you can't secure a Windows machine. But it is
less secure by default. Securing a Windows machine would be more
difficult for me than you because you use it and know it.

And the open source thing can't be beat. Every security tool I
have is open source. And I *have* the source code.

Just because it's got a stupid-proof, pretty gui does not make it
leap years ahead. It just makes the Internet susceptible to admins
that know how to click a button but nothing else. That's why we
are plagued by Code red now.
:)

--
Topaz Crow
No replies by email, sorry.
Reply to alt.anonymous.messages Subject: ATTN: Topaz Crow
PGP: DSS: 0x75D0E0E8 RSA: 0x75D0E0E8 GPG: 0xDD54E4CE

vedaal
Aug 12, 2001, 9:23:44 PM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

"Melissa" <willkayakforfood@REMOVE_THISgmx.net> wrote in message
news:MPG.15e07d841...@news.coastaccess.com...

> I do feel that source code release is necessary, and I do hope that
> NAI management comes to their senses and releases it soon. Though
> I'm interested in certain features offered in v7.1, until the source
> code issue is resolved in favor of release, I'll not be going beyond
> v7.0.3. I've only gone this far because of my "trust" in PRZ's
> word, and the fact the earlier versions didn't get along with my
> current OS.

Melissa, we have no quarrel with you, but part of the history lesson would
be in order;

no one doubts PRZ's integrity, but notwithstanding his integrity and
sterling commitment to human rights and security,
*he still missed the ADK flaw*
which respected cryptographers intuitively felt would be a problem, as soon
as the ADK feature was released, but went along with him.

many new cryptographic features have been implemented in 7.xx,
AES, Twofish, mdc packets, V4 rsa keys, new signatures, etc.
no one outside of NAI knows how they are implemented,
and PRZ's word, and integrity, serve only to tell us that he does not
*know* of any flaw, and while we may believe this, it is not any more
re-assuring than the information that he did not *know* of the ADK flaw

the person who mentioned the overflow buffer problem did the most
responsible thing under the circumstances:
alerted people that he thinks there is a problem,
privately e-mailed the description to someone capable of checking and
fixing it (Imad)
refused to release more information that (if correct) would jeopardize pgp
7.xx and all that are using it,
until the flaw could be fixed.

i love pgp, i respect Imad, i disagree with Sam about rsa vs dh keys,
i hope 7.xx releases source code and proves to be carrying on the great pgp
tradition,
but fwiw,
i would rather *trust* open source gpg that Imad can warn about which
circumstances not to use it in,
than closed 7.03 with PRZ's word, {even though i *believe* his word}

suggest you consider 6.5.8ckt build 6, with Imad's mdc fix, leave out pgp
net, and it should serve you well in win ME

with your 'security' interest at heart,
and with the hope that this 'might' shake up NAI,

vedaal


-----BEGIN PGP SIGNATURE-----
Version: 6.5.8ckt build_6_(mdc-fixed) http://www.ipgpp.com/
Comment: { Acts of Kindness better the World, and protect the Soul }

iQEVAwUBO3csGmoFoLeFMG0lAQPCtQf8DKwu5zIVF2peFGX9y/ifsBYzdIDc14OQ
mJ+yc6plACbeE+y6Ec/C0m7v4FC4juCHFbe2LO0SecllZj7pHYtUcUdaPsM1Il8J
rTJ2crOY6VMAqmDWvrt8VX98sd6tQ7asU7k7qyAaHbHE4URETFxPD2ZXQ9LNqD+b
D0YYKwBcHn+hEnW5RllltndcMO2+2IHpF1Fh2uBmf0gy+gS7ycg+W539m+dQ1oSV
W7YPydindzQvd7fbTW/xov1XSsUQr0nYGe9UdOJmbtmX7oQzCjH2bqj/cKUr9IA6
kwEeqqyRM0vA8MV2KaWLe3j61bw6K5nKJ2edx4FFTBMZQCllFGhfuA==
=P3fU
-----END PGP SIGNATURE-----

Robert J. Hansen
Aug 12, 2001, 11:10:49 PM

> commitment to human rights and security,
> *he still missed the ADK flaw*

Hal Finney missed the ADK bug (in fact, he was the one who coded it).

Phil hasn't written a line of code, or to my knowledge audited a line of
code, in years. His oversight in recent years was managerial, not
technical.

> which respected cryptographers intuitively felt would be a problem, as
> soon as the ADK feature was released, but went along with him.

The ADK feature/bug (depending on how you look at it) was implemented at
the request of PGP's corporate customers, many of whom were actively
against the idea of their employees being able to send/receive emails at
work which they could not read. The ADK feature/bug was implemented at the
loud request of NAI's corporate customers, not private individuals.

Businesses exist to make money, and if businesses don't give customers what
they want, businesses won't make money. NAI was caught between a rock and
a hard place on this one.

GnuPG, since it is not run by a business, is free to ignore the demands of
the enterprise. In some ways, this is to GnuPG's advantage.

> no one outside of NAI knows how they are implemented,

I beg to differ. There are a significant number of people outside NAI who
know how they are implemented, because they /worked/ on PGP, then left NAI.
If there were significant, glaring errors in these features, I would think
that at least one or two former PGP employees would have come forward to
publicize the weaknesses.

> with your 'security' interest at heart,

That is a very clear sign that you're not to be trusted, you know.

"Good intentions will always be pleaded for every assumption of authority.
It is hardly too strong to say that the Constitution was made to guard
the people against the dangers of good intentions. There are men in all
ages who mean to govern well, but--they mean to govern. They promise to
be good masters, but--they mean to be masters."

-- Daniel Webster

Anyone who claims to have "your best interests at heart" is automatically
not to be trusted. Nine times out of ten, people who claim this have
already in their hearts deemed themselves to be your master.

vedaal
Aug 13, 2001, 12:23:26 AM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

"Robert J. Hansen" <rjha...@inav.net> wrote in message
news:ZyHd7.6101$ZM2.5...@newsread2.prod.itd.earthlink.net...


> > commitment to human rights and security,
> > *he still missed the ADK flaw*
>
> Hal Finney missed the ADK bug (in fact, he was the one who coded it).
>
> Phil hasn't written a line of code, or to my knowledge audited a line of
> code, in years. His oversight in recent years was managerial, not
> technical.

all the more reason why his *word* may not be enough

> > no one outside of NAI knows how they are implemented,
>
> I beg to differ. There are a significant number of people outside NAI
> who know how they are implemented, because they /worked/ on PGP, then
> left NAI.
> If there were significant, glaring errors in these features, I would
> think that at least one or two former PGP employees would have come
> forward to publicize the weaknesses.

but what if the weaknesses were just as 'unglaring' as the ADK bug,
they would not be noticed until too late

Even though, as Tom McCune pointed out, the ADK bug was not found by
examining the source code
{it was found by examining the key structure that allowed for ADK, }
the first fix was done by Imad upon examining the source code
{as was the fix of his for the ascii parser bug and the Klima-Rosa
vulnerability}

> > with your 'security' interest at heart,
>
> That is a very clear sign that you're not to be trusted, you know.
>
> "Good intentions will always be pleaded for every assumption of
> authority.
> It is hardly too strong to say that the Constitution was made to guard
> the people against the dangers of good intentions. There are men in all
> ages who mean to govern well, but--they mean to govern. They promise to
> be good masters, but--they mean to be masters."
>
> -- Daniel Webster
>
> Anyone who claims to have "your best interests at heart" is automatically
> not to be trusted. Nine times out of ten, people who claim this have
> already in their hearts deemed themselves to be your master.

good cautious advice, but a sad commentary on our troubled times,
when one feels that someone might be making a mistake and points it out
straightforwardly, is suspect to the point of 'automatically' not to be
trusted;
and a great disservice and obstacle to the {is it really such a small
ratio?} one of ten that tries not to remain
silent while worrying that another may un-knowingly take a harmful path

it might be more prudent to base one's trust or distrust on one's knowledge
of the individual involved,
rather than on the choice of form of the closing greeting

vedaal


-----BEGIN PGP SIGNATURE-----
Version: 6.5.8ckt build_6_(mdc-fixed) http://www.ipgpp.com/
Comment: { Acts of Kindness better the World, and protect the Soul }

Comment: KeyID: 0x6A05A0B785306D25
Comment: Fingerprint: 96A6 5F71 1C43 8423 D9AE 02FD A711 97BA

iQEVAwUBO3dWKGoFoLeFMG0lAQMFIAf/dBVjzN5U5NA8NfCQ2hy7jDXe6HpqMcCJ
iL1chrczcX08NFP+DV6zqOcup0Aw2k5au9NKYM2pmHCk6uADl+GNpdCXYuuHphjV
EsaTwhT3w1relIfSuIGjloV5Nsjy4j12IwyYCM/Hw8gWCuFTRxorAnrMPpY0fQb6
sbAHtqW6GB9D8+Ki3LZI70a6DPeRKu0z/EvthW5JhDNqEUSnV1R3sfx1bUdktRlH
LyxYRKXnllq4MYU1etrWudGN487B2dCb0rbjoUXmnf57ZruSDbPrPdgvHiIE0WRO
Vy7wKLmLHUYfWtbDrt4mS476o/nMm/1W2FpEE8TqQxErLNwvOXo4KA==
=ThpS
-----END PGP SIGNATURE-----

Robert J. Hansen
Aug 13, 2001, 3:40:23 AM

> all the more reason why his *word* may not be enough

You misunderstand. You said Phil missed the ADK bug. Phil didn't `miss'
the ADK bug, because Phil was never looking for the ADK bug. You can't
claim that Phil missed the ADK bug, any more than you can claim that I
missed illegal immigrants entering the country through El Paso tonight.
I'm not an INS agent, I don't live in El Paso, I didn't miss anything.

Phil isn't the one who coded the ADK feature/bug, he didn't audit the ADK
feature/bug, therefore, he didn't miss a thing.

Put the blame for missing the ADK flaw on the right person. In this case,
the right person is... not Phil.

> but what if the weaknesses were just as 'unglaring' as the ADK bug,
> they would not be noticed until too late

That isn't what you said. You said, "no one outside of NAI knows how they
are implemented", which is demonstrably false. There *are* people outside
of NAI who know how they're implemented. Your statement is false.

> good cautious advice, but a sad commentary on our troubled times,

Never in history has it been any different.

> when one feels that someone might be making a mistake and points it out
> straightforwardly, is suspect to the point of 'automatically' not to be

I didn't correct you because I felt you're not to be trusted. I corrected
you because you're wrong, which is a much different thing.

Sam Simpson
Aug 13, 2001, 4:10:36 AM

In article <HvLd7.6194$Kl2.6...@newsread1.prod.itd.earthlink.net>,

"Robert J. Hansen" <rjha...@inav.net> wrote:

>> all the more reason why his *word* may not be enough
>
> You misunderstand. You said Phil missed the ADK bug. Phil didn't
> `miss' the ADK bug, because Phil was never looking for the ADK bug.

Of course, you're making assumptions about PRZ's role in later versions
of PGP.

We know he didn't code at all, but there is nothing to say he hasn't
reviewed source code etc.

> You
> can't claim that Phil missed the ADK bug, any more than you can claim
> that I missed illegal immigrants entering the country through El Paso
> tonight. I'm not an INS agent, I don't live in El Paso, I didn't miss
> anything.
>
> Phil isn't the one who coded the ADK feature/bug, he didn't audit the
> ADK feature/bug,

How do you know?

> therefore, he didn't miss a thing.
>
> Put the blame for missing the ADK flaw on the right person. In this
> case, the right person is... not Phil.

Of course, PRZ shouldn't have let the feature be implemented, but that's
another story...

>> but what if the weaknesses were just as 'unglaring' as the ADK bug,
>> they would not be noticed until too late
>
> That isn't what you said. You said, "no one outside of NAI knows how
> they are implemented", which is demonstrably false. There *are* people
> outside of NAI who know how they're implemented. Your statement is
> false.
>
>> good cautious advice, but a sad commentary on our troubled times,
>
> Never in history has it been any different.
>
>> when one feels that someone might be making a mistake and points it out
>> straightforwardly, is suspect to the point of 'automatically' not to be
>
> I didn't correct you because I felt you're not to be trusted. I
> corrected you because you're wrong, which is a much different thing.


--

Sam Simpson
Aug 13, 2001, 4:35:45 AM

In article <MPG.15e07d841...@news.coastaccess.com>, "Melissa"
<willkayakforfood@remove_thisgmx.net> wrote:

> In article <3b753eac...@news.mpinet.net>, Steve K
> <nob...@nowhere.com> wrote...


>
>> Since you are fairly new to all this PGP stuff, allow me to provide a
>> brief history lesson.
>

> Hello Steve K,
>
> I thank you for your condescension, but I'm not in need of a PGP history
> lesson. Though just over a year and a half of usage out of a ten year
> history of PGP is admittedly "fairly new", it's plenty of time for me to
> have read up on PGP history - which I have.

OT question: where have you read your history? I've read every PGP
specific book going and most books on crypto, and still find things about
PRZ / PGP in new books.

> If you're trying to
> determine the extent of my PGP experience by looking only at the date of
> creation on the key(s) I currently use in Usenet, you're looking in the
> wrong place. My oldest keys, which I don't use here, are from the
> beginning of 2000 - very shortly after I started using the Internet at
> all. The key I'll use to sign this message was just created yesterday -
> though I've signed it with the key you're used to seeing me sign with.
>
> I thought about answering your post point by point in line, but it
> seemed pointless, as I feel we're not so much disagreeing, but talking
> (typing) past each other. I will try to address a few of your points
> though...


>
> I do feel that source code release is necessary, and I do hope that NAI
> management comes to their senses and releases it soon. Though I'm
> interested in certain features offered in v7.1, until the source code
> issue is resolved in favor of release, I'll not be going beyond v7.0.3.
> I've only gone this far because of my "trust" in PRZ's word, and the
> fact the earlier versions didn't get along with my current OS.
>

> I guess my inappropriately "flippant" response to your earlier post was
> a product of my mounting frustration with what I perceive as a "my way
> is the only true path" attitude coming from a few of you
> - even though
> each of you are coming from slightly different angles (the "few of you"
> for the moment, being Sam, "skeptic", and yourself).


>
>
> Sam is a recent Linux convert who enjoys implying that users of PGP v7.x
> and Windows don't "deserve" good security because we use v7.x and
> Windows.

You can use "security products" that clearly ignore Security Engineering
principles, but I'll still whine and bitch about the fact ;)

> "skeptic" just loves to keep smugly repeating that "classic
> PGP 2.6.2" is the one and only true path.

And shuts up-quick when you point out that PRZ says "...[md5] all but
broken..." ;)

> You, though using a hacked
> version of NAI PGP "bloatware" for "insecure" Windows, and using PGP's
> original intent, and PRZ's prosecution and honorable defense of his
> principles as an example of what "true PGP" should be about, go on to
> question the very integrity (PRZ's) you claim to hold up as an
> example. I'm talking here about what he said about v7.0.3 upon leaving
> NAI:
>
> http://www.philzimmermann.com/text/PRZ_leaves_NAI.txt (Please see second
> half of paragraph two)


>
> Just out of curiosity - did you pore over the entire code for 6.5.8ckt
> 06 (including the GUI code - because as Sam often points out, this adds
> needless complexity, and therefore further threatens security) and
> decide it was good before you compiled your own copy from that source?
>
> Did you confirm to your own satisfaction that all enhancements, patches,
> and additions Imad made to the NAI code for 6.5.8 didn't compromise any
> security - even in some small obscure way(s)?

I've audited the changes Imad made in the version of CKT I used.

> When 6.5.8ckt went from
> build 05 to 06, did you again pore over the source and re-compile a
> fresh copy for yourself? Or - like most other people - did you simply
> read the "readme", *trust* that Imad knows what he's doing, and that
> countless faceless "peers" are busy poring over every byte of the very
> same code, and install the provided pre-compiled binary on your
> "insecure" Windows system?
>
> I have no reason to implicitly distrust Imad, nor do I have any reason
> to implicitly trust him. From all I've heard and read, I can be *pretty
> sure* that he does indeed know what he's doing, that his intentions are
> all in the right places, and that his hacked versions are sound, but
> there's still lots of room for pure speculation in that type of "trust"
> - and a required "leap of faith" as well. Just, I suppose, as it is for
> someone like me who, though unhappy about lack of source code release to
> date, is willing to place my "trust" in the word of PRZ with regards to
> the integrity of v7.0.3. As far as I'm concerned, his integrity and
> public record reputation with regards to PGP is still second to none.
> It would even require me to "trust" if some "peer" I've never heard of
> jumps out of the woodwork, says that he or she has read every byte of
> code in some PGP version, and proclaims it "safe".


>
> Most users of PGP will not have the knowledge, experience, and/or time
> to pore over the code of each version we use - or even to accurately
> judge what others might say about it. This means that most of us must,
> at the end of the day, "trust" someone - be it PRZ, Imad, PGP
> development team, Werner and his GnuPG crew, or the countless "peers"
> most of us don't know - who are, perhaps each with their own personal
> agendas - poring over the code as we sit and hope they are.
>

> You asked me how many lives am I willing to bet by using and "promoting"
> the particular closed source version I'm using (referencing the human
> rights workers in potentially hostile environments needing secure
> encryption). For several reasons, not the least of which is practical
> portability, v2.6.2 from a floppy disk still seems the most reasonable
> solution for people in that situation. With that in mind, *that* is the
> version I might "promote" for that type of environment. How many lives
> are you willing to bet by using and promoting NAI PGP 6.5.8 hacked into
> "ckt build 06" - on Windows no less? If I were in such a situation, I
> don't think that any large Windows GUI version would do - including
> 6.5.8ckt 06.
>
> For my own purposes, sitting here at my home computer, v7.0.3 offers
> what I currently want. Though I'm no "computer expert" by any stretch
> of the imagination, I have taken quite a few more steps than *most*
> people do to protect my online privacy, that of my correspondents, and
> to secure my "inherently insecure" Windows system. Both by learning
> about and practicing "safe computing practices", and carefully
> selecting, installing, and maintaining certain bits of software.

But running them on Win9x? If you have to use a MS OS and want security
then you'd have to use NT / W2k.

> Short
> of inviting you into my home to install key logging software and a
> Trojan on my computer, I invite you to try and compromise my PGP
> encrypted mail, PGPdisk and Scramdisk volumes, etc.

300,000 odd machines infected with Code Red thanks to MS programming
practices, countless millions infected with ILOVEYOU, Sircam etc. And
all because MS refuse to acknowledge good security engineering.

> Each of us has our own perceived needs for privacy and security. Our
> individual needs and requirements are relative - each according to our
> own criteria. I believe that there can be different solutions for each
> of us, and that the solutions are more involved than just the choice of
> a particular PGP version and/or Operating System. At the end of the
> day, those of us who choose to *do something* towards greater privacy
> protection and security for ourselves and our online correspondents, are
> doing more than if we just "give up" because we don't have the expertise
> to scrutinize code and roll our own. Those of us who are taking some
> steps, even though we're not following your preferred protocol, are
> still making even your online environment more secure than if we were to
> do nothing, being intimidated by the strict "requirements" of those who
> would tell us that because of our lack of computer expertise, we don't
> "deserve" good security.

Good point. But my underlying point remains: "you get the level of
security you provide for yourself". In your case, I guess "it's enough"
at the moment.

> I respect what you, Sam, and "skeptic" say - and even agree with many
> general principles expressed by each of you. I also respect what PRZ
> says. I have a good feeling about Imad's reputation - though I don't
> know as much about him as I do about PRZ. I'm intrigued enough by GnuPG
> to have installed it on my system - alongside PGP, and continue to learn
> about it. I'm even reading up on Linux systems - out of curiosity
> sparked by all the talk about its greater possibilities of security. I
> own Mandrake 8.0, and may someday soon install it - at least as a dual
> boot along with my Windows, so that I can learn more about it.
>
> My eyes and ears are not closed to the ideas presented by people who
> obviously - and/or apparently - know more about these things than I do
> (not a terribly difficult distinction to achieve), nor do I make my
> decisions about security/privacy software and its usage lightly. I
> would just appreciate it, and feel it would benefit a greater number of
> people - yourselves included - if a few of you could manage to be a
> little less smug in your elitism. At least try to accept that us
> "lesser mortals" also "deserve" good security, and that perhaps, even if
> you disagree with our choices, accept the idea that we are not
> necessarily idiots just because we've come to some different conclusions
> than you have. In spite of ourselves, we may have even stumbled upon
> very workable solutions for our current situations.

Points taken onboard, thanks.

Robert J. Hansen
Aug 13, 2001, 4:46:31 AM

> Of course, you're making assumptions about PRZ's role in later versions
> of PGP.

I believe it's a matter of record that PRZ's role was managerial, not
technical. Could be wrong.

> Of course, PRZ shouldn't have let the feature be implemented, but that's
> another story...

PRZ didn't have any choice in the matter. Enterprise customers were
demanding it and NAI management insisted the feature be implemented. At
that point, the only matter to resolve was how to implement it.

The willingness of NAI management to roll over for enterprise customers is
one of the major reasons why I am not optimistic about PGP's future.

Author
Aug 13, 2001, 4:49:14 AM

Imad has done some testing, and asked that I post a followup. See
further down for the facts, my opinions take up the start :-)

:rant on...

Before I continue - I am saddened to note that my original point
continues to elude everyone. Yes, this overflow exploit is bad,
and maybe closed source etc are bad too - but my *point* was
the continued disinterest from NAI after my efforts to alert them
about the problem. (my apologies if Imad is NAI - but if not,
I've not heard from anyone there still!). This is the 3rd piece of
unimpressive behavior I've witnessed from NAI now.
1) not letting people combine crypto algorithms: why can't I use
*all* the available ciphers in whatever order I choose - why do I
always have to pick just one of each kind? They are forcing me to
hope that my chosen ciphers remain unbroken, when the solution to
this problem is a mere few extra days of their coding!
2) not giving trojan protection. We read time and time again of people
having their passphrase sniffed or stolen, and also read lots of
peoples ideas to fix this problem - whether or not the fix works
100%, it's disgraceful that they do nothing. Especially now that
we see the FBI harping on about how important their sniffer
technology is to crime investigation; it's almost like NAI are not
*allowed* to solve this IMHO.
3) this bug - now that I read they fixed another bug in the same place
as this one resides, it's unforgivable that this bounds overflow
problem arose for 3 reasons: (1) they should not have changed code
that was not related to the original logic error - why are they
poking around in something so basic as ascii decoding that's worked
without programming bugs since v1.0? and (2) overflow exploits are
*SO* well known - how can any programmer working for NAI be so
careless as to allow this to happen?, finally (3) How the hell did
this product get released? I thought every responsible company had
a battery of quality-assurance tests to throw at products before
release? This problem is so obvious, it makes me wonder if they
perform any quality tests at all?

:rant off...

Imad has tried several PGP versions, and only the windows v7.0.3
causes a crash.

I believe this is therefore an extension of the "ascii armor parsing
bug" - it is different, but it still results in the opportunity for an
attacker to run arbitrary code on your PC by messing with the
ASCII armor.

Version 7.1 does not crash, which might mean that PGP already
know about this problem and have fixed it.

So, as for Melissa's statements:-


>I'll not be going beyond v7.0.3.

and


>Short of inviting you into my home to
>install key logging software and a Trojan on my computer, I invite
>you to try and compromise my PGP encrypted mail, PGPdisk and
>Scramdisk volumes, etc.

this is a particularly unwise invitation, since this exploit would
seem to offer the opportunity to immediately compromise all the above
via the remote installation of anything using this bug!


Here is Imad's email, I hope I had permission to paste it here:-

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

I downloaded the official PGP 7.0.3, and PGP 6.5.3,
both, the desktop security versions, and did
some testing.

PGP 7.0.3 crashed with the following error message:-
"PGPtray has caused an error in PGPSDK.DLL
Pgptray will now close."

PGP 6.5.3, exhibited the same behavior as when
one attempts to decode a message which is signed
with a sub-key i.e. nothing happens.

And finally, as I had informed you before, PGP 7.1
appears to have captured the malformed packets,
and displayed the following error message:-
"Error Bad Parameter"

So, NAI appear to have fixed this problem in
PGP 7.1.

It is a good idea that you post a follow up message
on usenet about it.

Best regards

Imad R. Faiad

Sam Simpson
Aug 13, 2001, 5:16:17 AM

In article <3b779477$0$20952$7f31...@news01.syd.optusnet.com.au>,
"Author" <c...@cotse.com> wrote:

> Imad has done some testing, and asked that I post a followup. See
> further down for the facts, my opinions take up the start :-)
>
> :rant on...
>
> Before I continue - I am saddened to note that my original point
> continues to elude everyone. Yes, this overflow exploit is bad, and
> maybe closed source etc are bad too - but my *point* was the continued
> disinterest from NAI after my efforts to alert them about the problem.

How did you alert them?

> (my apologies if Imad is NAI - but if not, I've not heard from anyone
> there still!).

Nope, Imad is not NAI.

> This is the 3rd piece of unimpressive behavior I've
> witnessed from NAI now.

Just the 3rd? You're new to this? ;)

> 1) not letting people combine crypto algorithms:
> why can't I use
> *all* the available ciphers in whatever order I choose - why do I
> always have to pick just one of each kind? They are forcing me to
> hope that my chosen ciphers remain unbroken, when the solution to
> this problem is a mere few extra days of their coding!

IMO, nai were probably right in this instance. There are problems
associated with using multiple algorithms in this way and the "benefits"
are probably small anyway.

> 2) not giving trojan protection. We read time and time again of people
> having their passphrase sniffed or stolen, and also read lots of
> peoples ideas to fix this problem - whether or not the fix works
> 100%, it's disgraceful that they do nothing. Especially now that we
> see the FBI harping on about how important their sniffer technology
> is to crime investigation; it's almost like NAI are not *allowed* to
> solve this IMHO.

This is not an application level bug IMO. Blame the OS, the underlying
hardware and users that aren't more careful.

> 3) this bug - now that I read they fixed another bug in the same place
> as this one resides, it's unforgivable that this bounds overflow
> problem arose for 3 reasons: (1) they should not have changed code
> that was not related to the original logic error - why are they
> poking around in something so basic as ascii decoding that's worked
> without programming bugs since v1.0?

I'm sure they didn't change the coding for no reason, but I do see your
point.

> and (2) overflow exploits are
> *SO* well known - how can any programmer working for NAI be so
> careless as to allow this to happen?,

Why isn't it compiled with "stack smashing" protection? Why isn't the OS
built to prevent this kind of attack?

> finally (3) How the hell did
> this product get released? I thought every responsible company had a
> battery of quality-assurance tests to throw at products before
> release? This problem is so obvious, it makes me wonder if they
> perform any quality tests at all?

It's going to be impossible for NAI to test PGP with every single
mis-constructed signature etc.

All programs have bugs, it's the way NAI handle them that depresses me.

> :rant off...
>
> Imad has tried several PGP versions, and only the windows v7.0.3 causes
> a crash.
>

So they've fixed for 7.1?

Imad R. Faiad
Aug 13, 2001, 6:28:23 AM

-----BEGIN PGP SIGNED MESSAGE-----

Hello Chris,

On Mon, 13 Aug 2001 18:49:14 +1000, in alt.security.pgp "Author"
<c...@cotse.com> wrote:

>3) this bug - now that I read they fixed another bug in the same place
> as this one resides, it's unforgivable that this bounds overflow
> problem arose for 3 reasons: (1) they should not have changed code
> that was not related to the original logic error - why are they
> poking around in something so basic as ascii decoding that's worked
> without programming bugs since v1.0? and (2) overflow exploits are
> *SO* well known - how can any programmer working for NAI be so
> careless as to allow this to happen?, finally (3) How the hell did
> this product get released? I thought every responsible company had
> a battery of quality-assurance tests to throw at products before
> release? This problem is so obvious, it makes me wonder if they
> perform any quality tests at all?
>

To be fair I do not believe that the ASCII armor vulnerability and this
one are related in any way.

The former was in the user interface part of the program, and was
windows specific.

While the latter is no doubt some un-handled exception in the parser part of
the program. Hence the crash is occurring in the PGPSDK.DLL.

Finally, there are many ways to crash any version of PGP, including PGP
7.1.

Best Regards

Imad R. Faiad

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQEVAwUBO3ePcLzDFxiDPxutAQHQjwf+OOsD9MezifL7p3g0KIEPNop/ODR60mlH
lyu4WRRYFuWW04q7rdhRBR/EvZGe+N/UNWNUh5gNKXtVmpe+oBSPevMeJiJ7Ipsx
rx3YlzWytrJB7omrV3YdQ92FriQrXVqcAWFHQvPgfg+1RE+2jE+CH3v1hWD5S64h
Wff/6JgjVKE/rK1RxL0bKFBsXYBuM0h1+s08Sblk+OSbfun/quFnhVHX0zex4Fys
6zlnp74a7TNrtUKRZtHnuZ/5L/4PmPcyZwONf2befnlI8VprMOlL9hajA7uIXVX/
OaAkfQd2IQgp+s5aQI3uOtU2Op7glrd5rCwkfQOs8jIc0OzsKm5S2g==
=17CZ
-----END PGP SIGNATURE-----
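
The thread's two readings of the crash, the original poster's "bounds overflow in ascii decoding" and Imad's "un-handled exception in the parser part of the program", come down to the same defensive property: a length field read from untrusted input must be checked against the bytes actually present before anything is read from the buffer. As an added illustration, not code from this thread, from PGP or from NAI, here is a bounds-checked OpenPGP packet-header parser in C that follows the RFC 2440 old- and new-format header encoding and returns an error code on malformed or truncated input instead of reading past the end. The sample byte strings are constructed for the example, and the function and error-code names are the example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Parser results: anything other than PGP_OK means "reject the packet". */
enum {
    PGP_OK              =  0,
    PGP_ERR_TRUNCATED   = -1, /* too few bytes for the tag/length fields */
    PGP_ERR_BAD_TAG     = -2, /* bit 7 of the first octet must be set */
    PGP_ERR_BAD_LENGTH  = -3, /* declared body length runs past the input */
    PGP_ERR_UNSUPPORTED = -4  /* indeterminate or partial body lengths */
};

typedef struct {
    unsigned tag;       /* packet tag, e.g. 2 = signature packet */
    size_t header_len;  /* octets consumed by the tag + length fields */
    size_t body_len;    /* declared body length, already bounds-checked */
} pgp_header;

/* Parse one packet header from buf[0..len). Every read is preceded by a
 * length check and the declared body length is validated against the
 * remaining input, so bad data yields an error code, not an OOB read. */
int pgp_parse_header(const uint8_t *buf, size_t len, pgp_header *out)
{
    size_t hlen;
    uint64_t blen;

    if (len < 1)
        return PGP_ERR_TRUNCATED;
    if (!(buf[0] & 0x80))
        return PGP_ERR_BAD_TAG;

    if (buf[0] & 0x40) {                        /* new-format header */
        out->tag = buf[0] & 0x3F;
        if (len < 2)
            return PGP_ERR_TRUNCATED;
        if (buf[1] < 192) {                     /* one-octet length */
            hlen = 2;
            blen = buf[1];
        } else if (buf[1] < 224) {              /* two-octet length */
            if (len < 3)
                return PGP_ERR_TRUNCATED;
            hlen = 3;
            blen = ((uint64_t)(buf[1] - 192) << 8) + buf[2] + 192;
        } else if (buf[1] == 255) {             /* five-octet length */
            if (len < 6)
                return PGP_ERR_TRUNCATED;
            hlen = 6;
            blen = ((uint64_t)buf[2] << 24) | ((uint64_t)buf[3] << 16) |
                   ((uint64_t)buf[4] << 8) | buf[5];
        } else {                                /* 224..254: partial body */
            return PGP_ERR_UNSUPPORTED;
        }
    } else {                                    /* old-format header */
        unsigned ltype = buf[0] & 0x03;
        size_t nbytes, i;
        out->tag = (buf[0] >> 2) & 0x0F;
        if (ltype == 3)                         /* indeterminate length */
            return PGP_ERR_UNSUPPORTED;
        nbytes = (size_t)1 << ltype;            /* 1, 2 or 4 length octets */
        if (len < 1 + nbytes)
            return PGP_ERR_TRUNCATED;
        blen = 0;
        for (i = 0; i < nbytes; i++)
            blen = (blen << 8) | buf[1 + i];
        hlen = 1 + nbytes;
    }

    /* The check a crashing parser lacks: never trust the length field. */
    if (blen > len - hlen)
        return PGP_ERR_BAD_LENGTH;

    out->header_len = hlen;
    out->body_len = (size_t)blen;
    return PGP_OK;
}

/* Walk a packet sequence, counting packets; stops at the first bad one. */
int pgp_count_packets(const uint8_t *buf, size_t len, size_t *count)
{
    size_t off = 0;
    *count = 0;
    while (off < len) {
        pgp_header h;
        int rc = pgp_parse_header(buf + off, len - off, &h);
        if (rc != PGP_OK)
            return rc;
        off += h.header_len + h.body_len;
        (*count)++;
    }
    return PGP_OK;
}

/* Constructed samples (not real PGP data): a well-formed old-format
 * signature packet, and one whose length octet claims 255 body bytes
 * while only three follow. */
static const uint8_t SAMPLE_OK[]  = { 0x88, 0x05, 1, 2, 3, 4, 5 };
static const uint8_t SAMPLE_BAD[] = { 0x88, 0xFF, 1, 2, 3 };

int main(void)
{
    size_t n;
    int rc = pgp_count_packets(SAMPLE_OK, sizeof SAMPLE_OK, &n);
    printf("well-formed: rc=%d packets=%zu\n", rc, n);
    rc = pgp_count_packets(SAMPLE_BAD, sizeof SAMPLE_BAD, &n);
    printf("malformed:   rc=%d\n", rc);
    return 0;
}
```

The error return here plays the role of the "Error Bad Parameter" message Imad saw from 7.1: the packet is refused before any body byte is touched. It also illustrates the distinction the later posts argue over. A missing length check can end in a crash that is only a denial of service, or in a read or write past the buffer; a parser that validates the length up front produces neither, which is why the check belongs in the SDK-level parser and not only in the user interface.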

Will Price
Aug 13, 2001, 7:16:04 PM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Interesting how an anonymous poster posts a message claiming that he
has found an "exploit" and a "buffer overflow", and some people
actually seem to have believed him. PGP has a long history of
immediate response to any serious security issue. If there were a
security issue here, PGP would have responded.

There isn't. There is no buffer overflow here. There is no "exploit".
Just because something crashes does not mean it crashes in a way
which is susceptible to such attacks. The bug here, which was fixed
very long ago and included in 7.1, is not the kind of bug which is
susceptible to any such attack. The only reason to upgrade for this
fix is if you're desperate for increased compatibility with
incorrectly formatted messages.

This is another example of the disturbing trend I've noted before
where unqualified individuals label their bug reports as exploits or
vulnerabilities -- presumably in order to garner more attention for
themselves.


Author wrote:
> Before I continue - I am saddened to note that my original point
> continues to elude everyone. Yes, this overflow exploit is bad,

> [...]


> Imad has tried several PGP versions, and only the windows v7.0.3
> causes a crash.

> [...]


> Version 7.1 does not crash, which might mean that PGP already
> know about this problem and have fixed it.

- --

Will Price, Director of Engineering
PGP Security, Inc.
a division of Network Associates, Inc.

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBO3hfSay7FkvPc+xMEQJ3RQCfWkAA60xh31BvZZsqCiwW4+3tk9IAoPNv
E8Vvt27RCyBA0dJz3nPGyU7i
=LZMA
-----END PGP SIGNATURE-----

Sam Simpson
Aug 14, 2001, 12:36:49 AM

Without prejudging precisely what happened in this case, it's also a
disturbing trend reflecting how poor the response from any NAI department
is.

Two questions:

1) Did the Anonymous poster really submit a bug report?

2) Did anybody even bother to get back to the guy, even just to say "It's
fixed in v7.1"?

Could you describe the problem and the fix? (I'd audit the source code,
but.....). I'm interested to hear your comment that "crashes does not mean
it crashes in a way which is susceptible to such attacks". A whole new
class of attacks has been named in the last couple of years: "Denial of
service". If I can crash PGP services etc on a remote machine (that may
well be unattended and processing mail via an engine) then this is an attack
IMO.


"Will Price" <wpr...@cyphers.net> wrote in message
news:3B785F76...@cyphers.net...

Author
Aug 14, 2001, 12:56:32 AM

Salvation!?

> PGP has a long history of immediate response to any serious security
issue.

Pity you did not read the original post, or my followups. The exploit was
not the point - the point was the month that elapsed before I thought to
email you directly, and nobody took any notice of my bug report.

> There isn't. There is no buffer overflow here. There is no "exploit".
> Just because something crashes does not mean it crashes in a way
> which is susceptible to such attacks.

Will, I am disappointed that you have pooh-pooh'ed this. Firstly, you
should have said "thanks for letting us know we have a problem", then
you should have made sure you knew you were right:-

Here's the crash details an ICQ recipient sees:-

ICQ caused an invalid page fault in
module PGPSDK.DLL at 018f:0210cfd4.
Registers:
EAX=0228528b CS=018f EIP=0210cfd4 EFLGS=00010216
EBX=00000000 SS=0197 ESP=0356fb20 EBP=0356fbe8
ECX=02285288 DS=0197 ESI=02285264 FS=10ff
EDX=00000000 ES=0197 EDI=02285264 GS=0000

Bytes at CS:EIP:
ff 53 0c 83 c4 14 89 45 00 85 c0 0f 85 67 02 00
Stack dump:
00000000 02285264 00000902 0228528b 0000006f 02285264 02285264 0356fbe8
02399910 00000000 0210d23f 02285264 022881a4 00000003 0356fbe8 02399e50

So what, you may (but seem not to have) ask, was the CPU trying to do when
it crashed?

FF530C CALL [BP+DI+0C]

Now, I realize the DI points directly to application data (probably
the partially decoded signature) which isn't much use as a stack
offset, but this is a pretty clearcut and dangerous place to crash.
No big deal if it was a MOV instruction or something, but this is
trying to *transfer control* directly to a malformed address. I don't
have time to trace the bug to find out how the wrong value got into DI
in the first place, but it clearly got there - so it shows DI is
at least partially manipulable - this is a classic exploit.

And no, I never looked at this before, so I could have been wrong
in my earlier ranting - I only just bothered now to see if you were
on top of this...

> The only reason to upgrade for this
> fix is if you're desperate for increased compatibility with
> incorrectly formatted messages.

I mentioned that this is a very effective DoS attack. That seems to be
a really good reason, even alone.

Sending this malformed sig to an ICQ user means they can no longer
use ICQ until they physically delete you from their contact book.
Every time they double-click the flower, it crashes again. You have
to already know how to open ICQ without reading your incoming
messages in order to salvage the wreckage.

I suspect this also prevents the email plugins from verifying signatures
subsequent to their crash (if they crash - I didn't test).

> This is another example of the disturbing trend I've noted before
> where unqualified individuals label their bug reports as exploits or
> vulnerabilities -- presumably in order to garner more attention for
> themselves.

Well, I do happen to be qualified, and you already knew that, assuming
you keep past emails?

What are your qualifications with relation to stack overflow exploits?
Why should we believe what you say in preference to what I say? i.e.:
prove this was not an exploit: how does EDI get used as a stack offset
instruction target when it's got the wrong data in it, and how does
EDI get that wrong data?

> > Version 7.1 does not crash, which might mean that PGP already

Imad mentions he has numerous other malformed packets which crash
7.1, by the way...
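
The register dump and the bytes at CS:EIP quoted above are enough for a mechanical first-pass triage, which is the check a defender runs before labelling a crash. The Python below is an added example, not code from the thread or from NAI: it decodes the ModRM operand of the FF-group instruction at CS:EIP in 32-bit addressing mode (the dump shows 32-bit registers), computes the effective address the instruction touched from the register values, and flags a read of the low, unmapped page through a zero base register. The byte string and register lines are copied from the post; the decoder is mine and covers only opcode FF and the ModRM/SIB forms needed for such a dump.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple, Union

# Bytes at CS:EIP and the register dump exactly as quoted in the post above.
SAMPLE_BYTES = "ff 53 0c 83 c4 14 89 45 00 85 c0 0f 85 67 02 00"
SAMPLE_REGS = """
EAX=0228528b CS=018f EIP=0210cfd4 EFLGS=00010216
EBX=00000000 SS=0197 ESP=0356fb20 EBP=0356fbe8
ECX=02285288 DS=0197 ESI=02285264 FS=10ff
EDX=00000000 ES=0197 EDI=02285264 GS=0000
"""

REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
# Opcode FF is x86 "group 5": the ModRM reg field selects the operation.
FF_GROUP = {0: "inc", 1: "dec", 2: "call", 3: "call far", 4: "jmp", 5: "jmp far", 6: "push"}


@dataclass
class MemOperand:
    """A 32-bit memory operand of the form [base + index*scale + disp]."""
    base: Optional[str]
    index: Optional[str]
    scale: int
    disp: int

    def __str__(self) -> str:
        text = self.base or ""
        if self.index:
            text += ("+" if text else "") + f"{self.index}*{self.scale}"
        if self.disp or not text:
            if text:
                text += "+" if self.disp >= 0 else "-"
            text += f"{abs(self.disp):#x}"
        return f"dword ptr [{text}]"


def parse_registers(dump: str) -> dict:
    """Turn 'EAX=0228528b CS=018f ...' lines into {'eax': 0x228528b, ...}."""
    return {name.lower(): int(value, 16)
            for name, value in re.findall(r"([A-Z]+)=([0-9a-fA-F]+)", dump)}


def decode_modrm(code: bytes, pos: int) -> Tuple[int, Union[str, MemOperand], int]:
    """Decode the ModRM byte (plus SIB/displacement) at code[pos] in 32-bit mode.
    Returns (reg field, operand, bytes consumed)."""
    modrm = code[pos]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    consumed = 1
    if mod == 3:                      # register-direct operand
        return reg, REGS32[rm], consumed
    base = index = None
    scale = 1
    if rm == 4:                       # SIB byte follows
        sib = code[pos + consumed]
        consumed += 1
        scale = 1 << (sib >> 6)
        idx = (sib >> 3) & 7
        index = None if idx == 4 else REGS32[idx]
        base = None if (sib & 7) == 5 and mod == 0 else REGS32[sib & 7]
    elif rm == 5 and mod == 0:        # absolute disp32, no base register
        base = None
    else:
        base = REGS32[rm]
    disp = 0
    if mod == 1:                      # signed 8-bit displacement
        disp = int.from_bytes(code[pos + consumed:pos + consumed + 1], "little", signed=True)
        consumed += 1
    elif mod == 2 or base is None:    # signed 32-bit displacement
        disp = int.from_bytes(code[pos + consumed:pos + consumed + 4], "little", signed=True)
        consumed += 4
    return reg, MemOperand(base, index, scale, disp), consumed


def effective_address(op: MemOperand, regs: dict) -> int:
    """Compute the linear offset the operand addresses, given register values."""
    ea = op.disp
    if op.base:
        ea += regs[op.base]
    if op.index:
        ea += regs[op.index] * op.scale
    return ea & 0xFFFFFFFF


def triage(hex_bytes: str, reg_dump: str) -> dict:
    """Decode the faulting FF-group instruction and classify its memory access."""
    code = bytes.fromhex(hex_bytes.replace(" ", ""))
    regs = parse_registers(reg_dump)
    if code[0] != 0xFF:
        raise ValueError("this helper only decodes opcode FF (group 5)")
    reg, op, _ = decode_modrm(code, 1)
    mnemonic = FF_GROUP.get(reg, "(invalid)")
    result = {"mnemonic": mnemonic, "operand": str(op),
              "effective_address": None, "likely_null_deref": False, "note": ""}
    if isinstance(op, MemOperand):
        ea = effective_address(op, regs)
        result["effective_address"] = ea
        base_is_zero = op.base is not None and regs[op.base] == 0
        if ea < 0x10000 and base_is_zero:
            result["likely_null_deref"] = True
            result["note"] = (f"{mnemonic} fetches its target from [{op.base}+{op.disp:#x}] with "
                              f"{op.base}=0; the fault is that read of the unmapped low page, "
                              "raised before any control transfer takes place")
        else:
            result["note"] = ("operand is not a null-page read; establishing where the pointer "
                              "came from needs the source or a debugger")
    return result


if __name__ == "__main__":
    print(triage(SAMPLE_BYTES, SAMPLE_REGS))
```

The point of the helper is the order of checks: decode the operand form first, then plug in the register values, and only then decide what kind of fault it was. An indirect call whose pointer fetch lands in the first page of memory through a zero base register is a distinct class from a controlled target, and the distinction decides how urgently the bug is treated.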


Will Price
Aug 14, 2001, 1:36:55 AM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Author wrote:
> > PGP has a long history of immediate response to any serious
> > security issue.
> Pity you did not read the original post, or my followups. The
> exploit was not the point - the point was the month that elapsed
> before I thought to email you directly, and nobody took any notice
> of my bug report.

Since the bug was fixed internally early this year well before your
message, a fixed version had already been released, and there was no
security issue involved, I'm unsure what ground you have to stand on
which implies that your email should have had a response. If you have
a support agreement from a commercial version of PGP and you did not
get a reply, you should certainly take that up with the appropriate
support representative. Regardless, I never saw the email (until you
sent it to me this morning), so there's really nothing I can do about
the past.

> > There isn't. There is no buffer overflow here. There is no
> > "exploit". Just because something crashes does not mean it
> > crashes in a way which is susceptible to such attacks.
>
> Will, I am disappointed that you have pooh-pooh'ed this. Firstly,
> you should have said "thanks for letting us know we have a problem"

Well, I guess that's relative because in fact we didn't have a
problem. It was fixed and released months before you emailed anyone.

> then you should have made sure you knew you were right:-
>
> Here's the crash details an ICQ recipient sees:-
>

> [...]

So you're claiming that a message which causes a user interactive app
to crash is a DoS attack? I don't think so. I'm quite certain that I
could construct a great many messages which have nothing to do with PGP
which will cause your ICQ client to crash. Sometimes ICQ crashes
without any messages at all. ICQ was clearly not designed with
prevention of such things in mind.

And, I do know I'm right because I know what the source code is
doing, and I can see that the place it crashes is not a buffer
overflow. The nature of the crash is not such that it could be
exploited.

> [...]


> > > Version 7.1 does not crash, which might mean that PGP already
> Imad mentions he has numerous other malformed packets which crash
> 7.1, by the way...

We are always interested in message constructions which may cause us
to crash. Please feel free to forward me any such messages directly.
Remember though that I am not in support, and there is no way I could
ever respond to all of my email. I can however make sure that any
genuine bugs get fixed.

Thanks.
- -- Will

Will Price, Director of Engineering
PGP Security, Inc.
a division of Network Associates, Inc.


-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBO3i4vKy7FkvPc+xMEQJRrwCg1TIdWD6d3DfV+w+aSOC5Q4KaifgAoMc1
iPG60Vtxp4/5twpNg/pZ8waI
=VDxW
-----END PGP SIGNATURE-----

Sam Simpson
Aug 14, 2001, 2:50:07 PM

In article <3B78B8CC...@cyphers.net>, "Will Price"
<wpr...@cyphers.net> wrote:

> Author wrote:
>> > PGP has a long history of immediate response to any serious security
>> > issue.
>> Pity you did not read the original post, or my followups. The exploit
>> was not the point - the point was the month that elapsed before I
>> thought to email you directly, and nobody took any notice of my bug
>> report.
>
> Since the bug was fixed internally early this year well before your
> message, a fixed version had already been released, and there was no
> security issue involved, I'm unsure what ground you have to stand on
> which implies that your email should have had a response.

Typical NAI. It's called courtesy.

> If you have a
> support agreement from a commercial version of PGP and you did not get a
> reply, you should certainly take that up with the appropriate support
> representative. Regardless, I never saw the email (until you sent it to
> me this morning), so there's really nothing I can do about the past.

Fix the system so customer comments (esp. related to security) aren't
rudely ignored, for a start.

>> > There isn't. There is no buffer overflow here. There is no "exploit".
>> > Just because something crashes does not mean it crashes in a way
>> > which is susceptible to such attacks.
>>
>> Will, I am disappointed that you have pooh-pooh'ed this. Firstly, you
>> should have said "thanks for letting us know we have a problem"
>
> Well, I guess that's relative because in fact we didn't have a problem.
> It was fixed and released months before you emailed anyone.
>
>> then you should have made sure you knew you were right:-
>>
>> Here's the crash details an ICQ recipient sees:-
>>
>> [...]
>
> So you're claiming that a message which causes a user interactive app to
> crash is a DoS attack? I don't think so. I'm quite certain that I could
> construct a great many messages which have nothing to do with PGP which
> will cause your ICQ client to crash. Sometimes ICQ crashes without any
> messages at all. ICQ was clearly not designed with prevention of such
> things in mind.
>
> And, I do know I'm right because I know what the source code is doing,
> and I can see that the place it crashes is not a buffer overflow. The
> nature of the crash is not such that it could be exploited.

Right, and we can check too. Oh no, of course we can't.

>> [...]
>> > > Version 7.1 does not crash, which might mean that PGP already
>> Imad mentions he has numerous other malformed packets which crash 7.1,
>> by the way...
>
> We are always interested in message constructions which may cause us to
> crash. Please feel free to forward me any such messages directly.
> Remember though that I am not in support, and there is no way I could
> ever respond to all of my email. I can however make sure that any
> genuine bugs get fixed.
>
> Thanks.
> - -- Will
>
> Will Price, Director of Engineering
> PGP Security, Inc.
> a division of Network Associates, Inc.
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 7.1
>
> iQA/AwUBO3i4vKy7FkvPc+xMEQJRrwCg1TIdWD6d3DfV+w+aSOC5Q4KaifgAoMc1
> iPG60Vtxp4/5twpNg/pZ8waI
> =VDxW
> -----END PGP SIGNATURE-----

Thomas J. Boschloo
Aug 15, 2001, 8:04:59 AM

"Robert J. Hansen" wrote:

> The willingness of NAI management to roll over for enterprise customers is
> one of the major reasons why I am not optimistic about PGP's future.

What NAI Management fails to see is that without consumer support, PGP
is useless to communicate with them for corporations. Still, I don't
suspect that NAI management feels involved enough with their products to
read this group. (At least, the ones that pull the strings, not Will
Price or Greg Jensen, whose presence I truly admire).

Thomas
--
Bruce Schneier: "The New York Times has the legal right to publish
secret government documents, unless they are protected by a digital
copy-protection scheme, in which case publishing them would lead to an
FBI raid". <CRYPTO-GRAM, August 15, 2001>


Thomas J. Boschloo
Aug 15, 2001, 8:09:16 AM

Author wrote:

> 2) not giving trojan protection. We read time and time again of people
> having their passphrase sniffed or stolen, and also read lots of
> peoples ideas to fix this problem - whether or not the fix works
> 100%, it's disgraceful that they do nothing. Especially now that
> we see the FBI harping on about how important their sniffer
> technology is to crime investigation; it's almost like NAI are not
> *allowed* to solve this IMHO.

It will not work. See my homepage at
<http://home.soneraplaza.nl/mw/prive/boschloo> (while it lasts, with the
third takeover in a few years even my e-mail address may be gone in a
few months).
